- Thread Starter
- #76
kenyloveg said:Hi, killasmurf86
Since 8.2 is released, would you update your scenario along with other updates like Postgresql 9.0.3?
Nothing (that I'm aware of) except version number change in this matter.
kenyloveg said:Hi, killasmurf86
Since 8.2 is released, would you update your scenario along with other updates like Postgresql 9.0.3?
portsnap fetch
portsnap extract
cd /usr/port/database/postgresql90-server
make clean install
error code 1
This is your specific problem (don't know why it won't build for you), I had no problem installing PostgreSQL server/clientkenyloveg said:Hi, killasmurf86
Thanks anyway.
My problem is failed to install Postgresql90-server, steps are below
Fresh install 8.2 release, choose minimal install, "portsnap fetch", "portsnap extract", "cd /usr/port/database/postgresql90-server", "make clean install", at last i get "error code 1", say something like open-sasl install failed/Postgresql client 8.4 failed.
Your English finekenyloveg said:Excuse me for bad English, and replied by using quick reply...
Have a good day.
see CONVERTING CERTIFICATE TO/FROM PKCS #12 FORMAT at http://forums.freebsd.org/showthread.php?t=6490kenyloveg said:And another question is regarding certification. I've already get class 1 cert from StartSSL, which is a .p12 file, how can i using this file as SSL/TLS cert? PS: I don't wanner get popup in Outlook client, saying should i trust this or not...
Thanks.
# cd /usr/ports/databases/postgresql90-server
# make install clean
portmaster databases/postgresql90-server
kenyloveg said:And one thing for newbies like me, you need to install portmaster first then reboot, then portmaster should work.
DutchDaemon said:Nonsense, this is not Windows. Just run [cmd=]hash -r[/cmd] or [cmd=]rehash[/cmd] after installing a port/package.
command not found
kenyloveg said:Hi, killasmurf86
Excuse me if I had so many noob questions. As configuration in dovecot.conf need both cert.pem and key.pem, after putting this [cmd=]openssl pkcs12 -in mycert.p12 -out cert.pem -nodes -clcerts[/cmd] I still need key.pem which I've no idea how to get this.
Thank you.
to=<test@fakeurl.com>, relay=dovecot, delay=0.24, delays=0.16/0.01/0/0.06, dsn=5.1.1, status=bounced (user unknown)
IrishWristwatch said:Where is the UserDB in this setup? My logs keep showing that the user is not found every time I send a message to the server.
Code:to=<test@fakeurl.com>, relay=dovecot, delay=0.24, delays=0.16/0.01/0/0.06, dsn=5.1.1, status=bounced (user unknown)
passdb sql {
args = /usr/local/etc/dovecot-sql.conf
}
userdb prefetch {
# keep this, otherwise quota won't work
}
userdb static {
args = uid=mailnull gid=mail home=/mail/%d/%n
# keep this, otherwise quota won't work
}
killasmurf86 said:On my setup I don't use userdb, I get info about user from passdb, this way I save 1 SQL call
IrishWristwatch said:Strange, it couldn't find the user by just using a passdb SQL call (as shown in the log in my first post). It worked after I added that "userdb static" call into the file.
killasmurf86 said:Howto may contain some errors, because I wrote it off my memory.
I hope to fix these, next time I reinstall my server
IrishWristwatch said:Do you know how virtual mailbox forwarding would be done on this setup? For instance, if I wanted joe@example.com to go to the mailbox joe, but also to joe@gmail.com. I know how to do this with the /etc/aliases file, but I'm not too sure with virtual mailboxes in postgresql.
inet_listener imaps {
port = 0
}
unix_listener imaps {
mode = 0666
}
$rcmail_config['default_host'] = 'unix:///var/run/dovecot/imaps';
$rcmail_config['default_port'] = -1;
root /usr/local/www/roundcube;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
## Only allow these request methods
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
return 444;
}
location / { deny all; }
location = / { index index.php; }
location = /index.php {
fastcgi_pass unix:/var/run/spawn_fcgi.socket;
}
location = /program/blank.gif {}
location = /program/blocked.gif {}
location ~ ^/program/js/.*\.js$ {}
location ~ ^/skins/.*\.jpg|jpeg|gif|png|html|css|js$ {}
location ~ ^/plugins/.*\.jpg|jpeg|gif|png|html|css|js$ {}
#!/bin/sh
while read url; do
echo -n "${url}: "
curl -o /dev/null --silent --head --write-out '%{http_code}\n' ${url}
done < check.list
IrishWristwatch said:Do you know how virtual mailbox forwarding would be done on this setup? For instance, if I wanted joe@example.com to go to the mailbox joe, but also to joe@gmail.com. I know how to do this with the /etc/aliases file, but I'm not too sure with virtual mailboxes in postgresql.
henrixd said:This was great tutorial. I got things running, with almost no problems. Here is few things I did differently.
RoundCube uses fsockopen, so why not use unix sockets. First disable inet_listener and add unix socket for imaps.
dovecot config:
Code:inet_listener imaps { port = 0 } unix_listener imaps { mode = 0666 }
RounCube main config:
Code:$rcmail_config['default_host'] = 'unix:///var/run/dovecot/imaps'; $rcmail_config['default_port'] = -1;
This is part from my nginx.conf. We start with default deny all and move towards to allowing. Only PHP script that needs fcgi_pass is index.php and rest is just static files.
There is so much crap and exposed files in roundcube dirs, that I won't let them open nor want I keep checking them too often.
nginx config:
Code:root /usr/local/www/roundcube; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; ## Only allow these request methods if ($request_method !~ ^(GET|HEAD|POST)$ ) { return 444; } location / { deny all; } location = / { index index.php; } location = /index.php { fastcgi_pass unix:/var/run/spawn_fcgi.socket; } location = /program/blank.gif {} location = /program/blocked.gif {} location ~ ^/program/js/.*\.js$ {} location ~ ^/skins/.*\.jpg|jpeg|gif|png|html|css|js$ {} location ~ ^/plugins/.*\.jpg|jpeg|gif|png|html|css|js$ {}
Here is my test code for nginx.conf (in case someone wants to validate).
First in server run this:
[cmd=]find /usr/local/www/roundcube -true > ./check.list[/cmd]
Run check.list file with this.
Code:#!/bin/sh while read url; do echo -n "${url}: " curl -o /dev/null --silent --head --write-out '%{http_code}\n' ${url} done < check.list
Remember to put security/sshguard to check mail.info too, to have a little extra security for the web login form. Keep in mind that max-src-conn-rate type of filter rules might lock you out (I didn't).
There, hope this helps secure someone's web-mail.
location ~ ^/program/js/.*\.js|jpg|jpeg|gif|png|html|htm|css$ {}
location ~ ^/skins/.*\.js|jpg|jpeg|gif|png|html|htm|css$ {}
location ~ ^/plugins/.*\.js|jpg|jpeg|gif|png|html|htm|css$ {}
-- create virtual domain
-- currently virtual domains doesn't work for me
INSERT INTO domains_relay_domains VALUES ('example.com');
INSERT INTO mailbox_relay_domains VALUES etc
also for db security I suggest you change password for pgsql user and set password authentication for everything and everyone form anywhere
Aug 16 03:16:00 3rr0r postfix/pickup[1607]: 42B72B87E: uid=80 from=<www>
Aug 16 03:16:00 3rr0r postfix/cleanup[5049]: 42B72B87E: message-id=<20120816031600.42B72B87E@babaei.net>
Aug 16 03:16:00 3rr0r postfix/qmgr[1608]: 42B72B87E: from=<www@babaei.net>, size=501, nrcpt=1 (queue active)
Aug 16 03:16:00 3rr0r dovecot: auth(default): prefetch(www@babaei.net): userdb lookup not possible with only userdb prefetch
Aug 16 03:16:00 3rr0r postfix/pipe[5057]: 42B72B87E: to=<www@babaei.net>, orig_to=<www>, relay=dovecot, delay=0.03,
delays=0.01/0.01/0/0, dsn=5.1.1, status=bounced (user unknown)
Aug 16 03:16:00 3rr0r postfix/cleanup[1690]: 4892DB93B: message-id=<20120816031600.4892DB93B@babaei.net>
Aug 16 03:16:00 3rr0r postfix/bounce[5059]: 42B72B87E: sender non-delivery notification: 4892DB93B
Aug 16 03:16:00 3rr0r postfix/qmgr[1608]: 4892DB93B: from=<>, size=2164, nrcpt=1 (queue active)
Aug 16 03:16:00 3rr0r postfix/qmgr[1608]: 42B72B87E: removed
Aug 16 03:16:00 3rr0r dovecot: auth(default): prefetch(www@babaei.net): userdb lookup not possible with only userdb prefetch
Aug 16 03:16:00 3rr0r postfix/pipe[2400]: 4892DB93B: to=<www@babaei.net>, relay=dovecot, delay=0.53, delays=0.53/0/0/0,
dsn=5.1.1, status=bounced (user unknown)
Aug 16 03:16:00 3rr0r postfix/qmgr[1608]: 4892DB93B: removed
The user with the UID 80 (www?) injects a mail using the sendmail
command.
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
postfix/postfix-script: stopping the Postfix mail system
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
postfix/postfix-script: starting the Postfix mail system